b. Validate the HTML: Make sure that you have valid HTML (or XHTML). This can be done with a W3C validator.

c. Disable cookies: Disable cookies in your browser settings. If your site uses cookies, its major functionality will not work with cookies disabled. Check that appropriate messages are displayed.

(A cookie is a small piece of information stored as a text file on your computer that a web server uses when you browse certain web sites that you've visited before).

d. Switch JavaScript off: It is important to check that your site still functions with JavaScript disabled, or that it provides a proper JavaScript error message, e.g. “enable Javascript to see animation of Intelligaia Technologies”.

e. Warning messages: Error/warning messages should be shown to the user for incorrect inputs.

Step 3 - Interface Testing

a. Data displayed in the browser should match the data available on the server: To test the browser and server interface, run queries on the database to make sure the transaction data is being retrieved and stored properly.

h. Clear your cache: Be sure to clear the browser cache, including cookies, before each test.

i. SQL injection: To test for SQL injection bugs, find places where users can enter text, such as where the text is used to perform a lookup function, according to Breach. Then type a single quote character and some text. If the application shows an error message from your database, then you're likely housing an SQL injection bug.

(SQL injection is an attack in which malicious code is inserted into strings that are later passed to an instance of SQL Server for parsing and execution.)
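Why the single-quote test above triggers a database error, and what the corrected lookup looks like, as an added example that is not from the original article. It uses Python's built-in sqlite3 as a stand-in for the site's database; the table, sample rows and function names are constructed for illustration.

```python
import sqlite3

PROBE = "' some text"  # a single quote plus some text, as in the test above

def make_db():
    # Constructed sample data, held in memory so nothing touches disk.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO products (name) VALUES (?)",
                   [("widget",), ("gadget",), ("O'Brien's tea",)])
    return db

def lookup_concatenated(db, term):
    # Vulnerable: user text is pasted into the SQL string, so a quote
    # in the input ends the string literal early and breaks the statement.
    sql = "SELECT name FROM products WHERE name = '" + term + "'"
    return [row[0] for row in db.execute(sql)]

def lookup_parameterized(db, term):
    # Hardened: the driver binds the text as data, never as SQL.
    return [row[0] for row in db.execute(
        "SELECT name FROM products WHERE name = ?", (term,))]

def quote_probe(lookup, db):
    """Run the single-quote test and report what a tester would observe."""
    try:
        rows = lookup(db, PROBE)
    except sqlite3.Error as exc:
        return "database error: " + str(exc)
    return "no error, %d rows" % len(rows)

if __name__ == "__main__":
    db = make_db()
    print("concatenated: ", quote_probe(lookup_concatenated, db))
    print("parameterized:", quote_probe(lookup_parameterized, db))
    # Legitimate names containing quotes still work with bound parameters.
    print(lookup_parameterized(db, "O'Brien's tea"))
```

The parameterized lookup is the fix to aim for; hiding the error message from the user without changing the query leaves the bug in place.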

If that text displays when you reload the page, then your site has an XSS vulnerability.

(Cross-site scripting attacks occur when a malicious person, the attacker, can force an unknowing user, the victim, to run client-side script of the attacker’s choice. The term cross-site scripting is sort of a misnomer, because it’s not just about scripting and it doesn’t even have to be cross-site. It’s a name that was branded upon its discovery and it has just stuck.)

k. Session hijacking: If your application has a session identifier number in the URL, decrease that number by one and reload the page. The app has a session hijacking vulnerability if the app then "sees" you as a different user.

(Session hijacking, also known as TCP session hijacking, is a method of taking over a Web user session by surreptitiously obtaining the session ID and masquerading as the authorized user. Once the user's session ID has been accessed (through session prediction), the attacker can masquerade as that user and do anything the user is authorized to do on the network.)

a. Can your site handle a large number of users requesting a certain page?

b. Long period of continuous use: Is the site able to run for a long period without downtime?

For more information about load testing, kindly refer to: http://puretest.blogspot.com/2009/11/performance-testing-1.html

c. Web page performance (speed): Page Speed generates its results based on the state of the page at the time you run the tool. To ensure the most accurate results, you should wait until the page finishes loading before running Page Speed. Otherwise, Page Speed may not be able to fully analyze resources that haven't finished downloading.

Free tools which play a very important role in web site testing:

1. Bug Tracking Tool: Bugzilla